Can't execute from shared folders

  • While using Win10, I'm trying to run .exe files from folders shared with SMB/CIFS, but I keep getting this kind of error:

    JLZIpay.png


    Wherever I look in OMV control panel I can only find the configuration of read/write permissions. I have 2 user accounts in OMV and basically want them to do whatever they want with those shares. How can I do that?

    • Offizieller Beitrag

    Data drives are mounted with "noexec" option. You can check if it is working when you mount it with "exec". There are some threads about this how to do it.


    EDIT: as ananas mentioned "noexec" does not prevent to execute exe on smb shares.


    RE: Installation and Setup Videos - Beginning, Intermediate and Advanced

    https://openmediavault.readthe…m-environmental-variables

  • macom thank you for your reply.


    I've followed the instructions from TDL's video (removed the noexec attribute, saved, rebooted), deleted all shared folders from SMB/CIFS and "Shared folders", then shared them again, but the problem remains.


    Following additional checks from the second link here's what i got:

    1. /etc/openmediavault/config.xml

    2. /etc/fstab

    3. cat /proc/mounts


    In the last part there's an 'rw' attribute in these lines:

    Code
    /dev/sda1 /srv/dev-disk-by-label-3tb ext4 rw,relatime,jqfmt=vfsv0,usrjquota=aquota.user,grpjquota=aquota.group 0 0
    /dev/sdc1 /srv/dev-disk-by-label-1tb ext4 rw,relatime,jqfmt=vfsv0,usrjquota=aquota.user,grpjquota=aquota.group 0 0


    Could this be the problem? Any other ideas?

  • Is the executable bit set on file system level?

    How do I do that? (I'm fairly new to linux systems).


    ***


    Meanwhile, I followed the guide from one of your previous links and i added the line

    Code
    OMV_FSTAB_MNTOPS_EXT4="defaults,nofail,user_xattr,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0"

    to /etc/default/openmediavault, so now when I mount my ext4 drives, there's no 'noexec' attribute by deafault. The problem is still there.


    ***


    Another thought. Could the problem be that OMV overrides access rights to R/W only when you set up a folder to share?

    • Offizieller Beitrag

    How do I do that? (I'm fairly new to linux systems).


    ***

    Post the output of


    ls -l <filename> in CLI


    http://linuxcommand.org/lc3_lts0090.php

    https://linuxacademy.com/guide…anding-linux-permissions/

  • Thank you for those links. With their help I have executed the following commands:

    Code
    chown -R root: /srv/dev-disk-by-label-1tb
    chown -R root: /srv/dev-disk-by-label-3tb
    chgrp root /srv/dev-disk-by-label-1tb
    chgrp root /srv/dev-disk-by-label-3tb
    chmod -R 777 /srv/dev-disk-by-label-1tb
    chmod -R 777 /srv/dev-disk-by-label-3tb

    Looking back, 'chown' and 'chgrp' weren't really needed as I've set all files' permissions to rwx (777) anyway.


    However, this doesn't solve the problem with the newly added files, as they get the default permissions.

    Code
    root@SERVER:~# ls -l /srv/dev-disk-by-label-3tb/Stuff/qsfv.exe
    -rw-rw-r-- 1 DESKTOP users 372736 Jul 6 18:50 /srv/dev-disk-by-label-3tb/Stuff/qsfv.exe

    Having read your links and a bunch of other stuff on the topic of umask and default permissions, I got a bit confused how to permanently change them to rwx for my 2 folders. What would the solution for OMV be?

    • Offizieller Beitrag

    I've set all files' permissions to rwx (777) anyway.

    No the best idea for security reasons.

    You can use the resetperms plugin to reset it to the original permissions.


    Then set permissions for those files you need it, e.g.


    chmod 770 /srv/dev-disk-by-label-3tb/Stuff/qsfv.exe

  • Please stop posting such nonsense !

    Windows can of course execute files on a CIFS Share.

    The "noxexec" options in /etc/fstab (or in a mount command) only affects the local linux system that has the file system mounted.


    Now I need a beer ...


    Cheers,

    Thomas

  • But then, if I understand it correctly, I'll need to run this command every time I add any new files as the default permissions is set to "-rw-rw-r--". I need a permanent solution for all the files added to my 2 ext4 hdd's. I want all of those files to be fully readable/writable/executable for 2 OMV users who have access to SMB/CIFS shared folders (no guests allowed though) and also not to have any writing/execution problems with those files if I transfer them to another computer.

    • Offizieller Beitrag

    Please stop posting such nonsense !

    Windows can of course execute files on a CIFS Share.

    The "noxexec" options in /etc/fstab (or in a mount command) only affects the local linux system that has the file system mounted.

    Yes, my mistake. Found this out on my system. However it seems to be not that obvious as I did not find a documentation for this in the web. Only trial and error approach as I did. Maybe you can point me in the right direction.


    Based on the tests on my system the executable bit is necessary on a ext4 smb share. Seems to be also confirmed by OP.

  • While using Win10, I'm trying to run .exe files from folders shared with SMB/CIFS, but I keep getting this kind of error:

    Bro, you're asking a question in the wrong forum. The problem is directly related to the April update of Windows 10 1803, where for security reasons, support for executing exe files from samba v1 was disabled.

    What can you do here:

    try to run this file in windows 8 compatibility mode, it helps (sometimes),

    disable support for SMB 1.0 / CIFS Client in Windows components (be sure to reboot),

    well, if we talk about OMV, add the line "server min protocol = SMB2" to the additional SMB options in OMV

  • Bro, you're asking a question in the wrong forum. The problem is directly related to the April update of Windows 10 1803, where for security reasons, support for executing exe files from samba v1 was disabled.

    What can you do here:

    try to run this file in windows 8 compatibility mode, it helps (sometimes),

    disable support for SMB 1.0 / CIFS Client in Windows components (be sure to reboot),

    well, if we talk about OMV, add the line "server min protocol = SMB2" to the additional SMB options in OMV

    I'm also having this issue and don't see a confirmed fix. In my case, I verified that SMB 1.0 is already disabled on Windows clients, yet new files created on an SMB share from a windows machine (that end in *.exe) are not executable on the share. This seems to be a posix permission issue, not an samba version issue.



    Yes, my mistake. Found this out on my system. However it seems to be not that obvious as I did not find a documentation for this in the web. Only trial and error approach as I did. Maybe you can point me in the right direction.


    Based on the tests on my system the executable bit is necessary on a ext4 smb share. Seems to be also confirmed by OP.

    When looking at the file system on OMV, new files are created with the group executable bit not set (0660 instead of 0670 or 0770). If I change them from the Linux CLI to add execute (chmod g+x [file name]) then execute works fine from Windows, but obviously I don't want to have to change it from the CLI every time a windows machine adds a new executable file.


    The OMV documentation indicates that shares are created with 2770, meaning that new files are created with 770, but that's not what I'm seeing when files are created from a windows system over smb. New files created from Windows over SMB are set to 660.


    I want the default to be that files created from windows systems have the group execute bit set in linux (0670 or 0770), how can that be done in in OMV?

  • Thanks for the pointer, that's just what I needed to get on the right track. With some more reading, I found this can be done in the GUI on a per share basis by adding extra options for the SMB/CFIS share and it doesn't require going to the CLI at all. Just add the options and apply.


    Code
    create mask = 0670
    force create mode = 0670
    directory mask = 2770
    force directory mode = 2770
  • This does work.

    Recommend creating a group however, and setting the group owner to that group and giving that group RWX permissions.

    Then you can add users to that group that get those privilges.

    Obviously only really necessary if you have more than one user to the share...but even if there's only one user it doesn't hurt to be prepared to give (or remove) those privileges en masse rather than just to a single user.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!